A context-sensitive access control model and prototype implementation

Abstract

Role-based access control associates roles with privileges and users with roles. Changes to these associations are infrequent and explicit. This may not reflect business requirements. Access to an object should not only be based on the identity of the object and the user, but also on the actual task that must be performed, i.e. the context of the work to be done. Context-sensitive access control considers the actual task when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This paper discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control.